Starting on 3/3/10, avast has consistently detected a number of it’s own processes as “Win32:Hybris-44 [Drp]” across our network and attempts to delete them, unsuccessfully. At least if it does manage to delete them, they start back up. The culprits are as follows:
aswWebSv.exe
avAgent.exe
aswServ.exe
I’m pretty sure these are false positive, so what steps can we take right now - i.e. do we need to wait for an update that fixes the problem, or is there something we can do to alleviate the issue. Also, what could cause this to happen? This isn’t the first time Avast has targeted itself, although at other times it usually targeted one of its files (which turned out to be uninfected)
I think that the correct file names may well begin with asw not ash as this is uses on some of the server based versions, I don’t know if that is correct in the ADNM though.
However, as Tech asks the key is the location of the files.
Sorry I can’t confirm it as I don’t use the ADNM product.
Are they still being detected ?
If so - check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Are there associated ash versions of these files in the avast4 folder ?
No, there are no ash version in the avast4 folder.
I was a little over-eager to continue this thread this morning, and I neglected to check if Avast was still detecting problems with itself; it is not. I tested the files on virus total as well, and they are all clean: